Struggling to figure out why the outbound webhook from our Genesys Cloud Architect flow to ServiceNow is returning a 403 Forbidden error specifically when the payload contains redacted PII fields from the digital messaging transcript. The integration works perfectly for standard text logs, but fails immediately upon triggering the data masking rules defined in the Security/Compliance settings. The error occurs at the /api/v2/webhooks endpoint when the payload size remains under the 4096-byte limit, suggesting this is not a truncation issue but an authentication or authorization mismatch.
We are using the latest ServiceNow REST API client credentials with OAuth 2.0, and the token refresh mechanism appears healthy in the logs. The issue persists across multiple agents in the Europe/London timezone, indicating a systemic configuration problem rather than a user-specific anomaly. Has anyone encountered similar 403 errors when combining Architect-level data masking with external webhook integrations? I have cross-referenced the Genesys Cloud Security documentation and verified that the webhook user role has the necessary permissions, yet the request is still rejected by the ServiceNow instance.